MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f288f232b14cfdd778fbbafff601555b30a66a0f7679fafb1189a2a40fd28ca5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: f288f232b14cfdd778fbbafff601555b30a66a0f7679fafb1189a2a40fd28ca5
SHA3-384 hash: d8d60020e22dd218611c3cfe6ef4d4c2ee76ae5bdaaebd31eff22dfaf133ddbc44dd140cef1f171ee6bb8e7545efd403
SHA1 hash: de0237c63a2d84bd286fe37ed69c1f4657c1ca90
MD5 hash: 5775e375a22bd13b4108b0a60a6f7c27
humanhash: july-enemy-yellow-jig
File name: Purchase order document for new shipment_pdf.arj
Signature: GuLoader
File size: 46'485 bytes
First seen: 2020-06-02 11:22:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:9MabtIPW2BOCcc2wWDM4EWMisvE29OnjTOr/M9L87S+UaEVJpQPEqWapIfBglpQ3:9MaJiYnc2laWbk7KfUM9L873K2PEqWys
TLSH: E7230270AA217087A974A4B3FFAEBC14E562CD3930B04B1D575A5EC3F8A92FB5403C25
Reporter: abuse_ch
Tags: arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: Peter.Mahlangu@temoc.co.mz
Subject: NEW PURCHASE ORDER FOR SHIPMENT
Attachment: Purchase order document for new shipment_pdf.arj (contains "Purchase order document for new shipment_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1emdeFT0ppBWGwMGoh2tGfD7cpkKDTuPU

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 09:53:16 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
zip f288f232b14cfdd778fbbafff601555b30a66a0f7679fafb1189a2a40fd28ca5 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment